
(ITS#5318) response msgid <= 0 mishandled in libldap



Full_Name: Hallvard B Furuseth
Version: HEAD
OS: 
URL: 
Submission from: (NULL) (129.240.6.233)
Submitted by: hallvard


libraries/libldap/result.c:try_read1msg() accesses 'lr' uninitialized
if 'id' (message ID) from line 577's 'ber_get_int( ber, &id )' is <= 0.

I'm not sure if the client should terminate the connection when it
receives message id < 0, or if it should just toss the response like
it does with unknown message IDs.

With message ID 0, the code reaches this statement with 'lr' uninitialized:
	Debug( LDAP_DEBUG_TRACE,
		"read1msg: ld %p msgid %ld message type %s\n",
		(void *)ld, (long)lr->lr_msgid, ldap_int_msgtype2str( tag ) );
As far as I can tell, normally lr->lr_msgid == id.  I haven't tracked what
those values are with LDAP_CONNECTIONLESS at the 'nextresp2:' label.
A 700-line function with 5 labels, yuck.
Anyway, I wonder why that statement and the statement below:
	if ( id == 0 ) {
don't use the same value, either id or lr->lr_msgid, for both.
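The dispatch pattern the report describes, as an added illustration that is not OpenLDAP's result.c: a reply's message ID is read from the wire, only a positive ID can match a pending request, so unless 'id' is validated before 'lr' is looked up, the pointer is used uninitialized on id <= 0. The hardened form below checks 'id' first, tosses unknown IDs the way the report says libldap does, and logs and branches on the same value. The 'LDAPRequest' struct, the 'pending' table and 'dispatch_response' are constructed for this example and are not the library's own names.

```c
/* Constructed model of a response dispatcher (not libldap's code).
 * Only a positive message ID can select a pending request, so the
 * defect in ITS#5318 is reaching a use of 'lr' without that check. */
#include <stdio.h>
#include <stddef.h>

typedef struct ldapreq {
    int lr_msgid;          /* hypothetical field mirroring lr->lr_msgid */
    const char *lr_name;
} LDAPRequest;

/* Constructed table of outstanding requests; IDs are always > 0. */
static LDAPRequest pending[] = {
    { 1, "bind" }, { 2, "search" }, { 3, "modify" },
};

/* Look up a pending request by message ID; NULL when unknown. */
static LDAPRequest *find_request(int id) {
    for (size_t i = 0; i < sizeof pending / sizeof pending[0]; i++)
        if (pending[i].lr_msgid == id) return &pending[i];
    return NULL;
}

/* Outcome codes returned to the caller so behaviour is observable. */
enum { DISPATCH_DELIVERED = 1, DISPATCH_TOSSED = 2, DISPATCH_INVALID = 3 };

/* Hardened dispatcher: 'id' is validated before 'lr' is ever touched.
 * 'out_msgid' (may be NULL) receives the value used for both the
 * trace line and the branch, so they cannot disagree. */
int dispatch_response(int id, int *out_msgid) {
    LDAPRequest *lr = NULL;
    if (id <= 0) {
        /* Protocol-invalid response ID: never dereference lr. Whether to
         * drop the message or the connection is the caller's policy. */
        if (out_msgid) *out_msgid = id;
        return DISPATCH_INVALID;
    }
    lr = find_request(id);
    if (lr == NULL) {
        if (out_msgid) *out_msgid = id;
        return DISPATCH_TOSSED;   /* unknown ID: toss the response */
    }
    if (out_msgid) *out_msgid = lr->lr_msgid;
    fprintf(stderr, "read1msg: msgid %d delivered to %s\n",
            lr->lr_msgid, lr->lr_name);
    return DISPATCH_DELIVERED;
}

int main(void) {
    /* Constructed reply IDs: valid, unknown, zero and negative. */
    int ids[] = { 2, 99, 0, -1 };
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++) {
        int used = 0;
        int rc = dispatch_response(ids[i], &used);
        printf("id %d -> outcome %d (msgid used: %d)\n", ids[i], rc, used);
    }
    return 0;
}
```

The point of the single 'out_msgid' value is the report's last remark: once the trace statement and the 'if ( id == 0 )' test read the same variable, there is no window in which one of them sees a pointer the other never validated.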